OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/target_services.h" | 5 #include "sandbox/win/src/target_services.h" |
6 | 6 |
7 #include <new> | 7 #include <new> |
8 | 8 |
9 #include <process.h> | 9 #include <process.h> |
| 10 #include <stdint.h> |
10 | 11 |
11 #include "base/basictypes.h" | |
12 #include "base/win/windows_version.h" | 12 #include "base/win/windows_version.h" |
13 #include "sandbox/win/src/crosscall_client.h" | 13 #include "sandbox/win/src/crosscall_client.h" |
14 #include "sandbox/win/src/handle_closer_agent.h" | 14 #include "sandbox/win/src/handle_closer_agent.h" |
15 #include "sandbox/win/src/handle_interception.h" | 15 #include "sandbox/win/src/handle_interception.h" |
16 #include "sandbox/win/src/ipc_tags.h" | 16 #include "sandbox/win/src/ipc_tags.h" |
17 #include "sandbox/win/src/process_mitigations.h" | 17 #include "sandbox/win/src/process_mitigations.h" |
18 #include "sandbox/win/src/restricted_token_utils.h" | 18 #include "sandbox/win/src/restricted_token_utils.h" |
19 #include "sandbox/win/src/sandbox.h" | 19 #include "sandbox/win/src/sandbox.h" |
| 20 #include "sandbox/win/src/sandbox_nt_util.h" |
20 #include "sandbox/win/src/sandbox_types.h" | 21 #include "sandbox/win/src/sandbox_types.h" |
21 #include "sandbox/win/src/sharedmem_ipc_client.h" | 22 #include "sandbox/win/src/sharedmem_ipc_client.h" |
22 #include "sandbox/win/src/sandbox_nt_util.h" | |
23 | 23 |
24 namespace { | 24 namespace { |
25 | 25 |
26 // Flushing a cached key is triggered by just opening the key and closing the | 26 // Flushing a cached key is triggered by just opening the key and closing the |
27 // resulting handle. RegDisablePredefinedCache() is the documented way to flush | 27 // resulting handle. RegDisablePredefinedCache() is the documented way to flush |
28 // HKCU so do not use it with this function. | 28 // HKCU so do not use it with this function. |
29 bool FlushRegKey(HKEY root) { | 29 bool FlushRegKey(HKEY root) { |
30 HKEY key; | 30 HKEY key; |
31 if (ERROR_SUCCESS == ::RegOpenKeyExW(root, NULL, 0, MAXIMUM_ALLOWED, &key)) { | 31 if (ERROR_SUCCESS == ::RegOpenKeyExW(root, NULL, 0, MAXIMUM_ALLOWED, &key)) { |
32 if (ERROR_SUCCESS != ::RegCloseKey(key)) | 32 if (ERROR_SUCCESS != ::RegCloseKey(key)) |
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
161 // The broker services a 'test' IPC service with the IPC_PING_TAG tag. | 161 // The broker services a 'test' IPC service with the IPC_PING_TAG tag. |
162 bool TargetServicesBase::TestIPCPing(int version) { | 162 bool TargetServicesBase::TestIPCPing(int version) { |
163 void* memory = GetGlobalIPCMemory(); | 163 void* memory = GetGlobalIPCMemory(); |
164 if (NULL == memory) { | 164 if (NULL == memory) { |
165 return false; | 165 return false; |
166 } | 166 } |
167 SharedMemIPCClient ipc(memory); | 167 SharedMemIPCClient ipc(memory); |
168 CrossCallReturn answer = {0}; | 168 CrossCallReturn answer = {0}; |
169 | 169 |
170 if (1 == version) { | 170 if (1 == version) { |
171 uint32 tick1 = ::GetTickCount(); | 171 uint32_t tick1 = ::GetTickCount(); |
172 uint32 cookie = 717115; | 172 uint32_t cookie = 717115; |
173 ResultCode code = CrossCall(ipc, IPC_PING1_TAG, cookie, &answer); | 173 ResultCode code = CrossCall(ipc, IPC_PING1_TAG, cookie, &answer); |
174 | 174 |
175 if (SBOX_ALL_OK != code) { | 175 if (SBOX_ALL_OK != code) { |
176 return false; | 176 return false; |
177 } | 177 } |
178 // We should get two extended returns values from the IPC, one is the | 178 // We should get two extended returns values from the IPC, one is the |
179 // tick count on the broker and the other is the cookie times two. | 179 // tick count on the broker and the other is the cookie times two. |
180 if ((answer.extended_count != 2)) { | 180 if ((answer.extended_count != 2)) { |
181 return false; | 181 return false; |
182 } | 182 } |
183 // We test the first extended answer to be within the bounds of the tick | 183 // We test the first extended answer to be within the bounds of the tick |
184 // count only if there was no tick count wraparound. | 184 // count only if there was no tick count wraparound. |
185 uint32 tick2 = ::GetTickCount(); | 185 uint32_t tick2 = ::GetTickCount(); |
186 if (tick2 >= tick1) { | 186 if (tick2 >= tick1) { |
187 if ((answer.extended[0].unsigned_int < tick1) || | 187 if ((answer.extended[0].unsigned_int < tick1) || |
188 (answer.extended[0].unsigned_int > tick2)) { | 188 (answer.extended[0].unsigned_int > tick2)) { |
189 return false; | 189 return false; |
190 } | 190 } |
191 } | 191 } |
192 | 192 |
193 if (answer.extended[1].unsigned_int != cookie * 2) { | 193 if (answer.extended[1].unsigned_int != cookie * 2) { |
194 return false; | 194 return false; |
195 } | 195 } |
196 } else if (2 == version) { | 196 } else if (2 == version) { |
197 uint32 cookie = 717111; | 197 uint32_t cookie = 717111; |
198 InOutCountedBuffer counted_buffer(&cookie, sizeof(cookie)); | 198 InOutCountedBuffer counted_buffer(&cookie, sizeof(cookie)); |
199 ResultCode code = CrossCall(ipc, IPC_PING2_TAG, counted_buffer, &answer); | 199 ResultCode code = CrossCall(ipc, IPC_PING2_TAG, counted_buffer, &answer); |
200 | 200 |
201 if (SBOX_ALL_OK != code) { | 201 if (SBOX_ALL_OK != code) { |
202 return false; | 202 return false; |
203 } | 203 } |
204 if (cookie != 717111 * 3) { | 204 if (cookie != 717111 * 3) { |
205 return false; | 205 return false; |
206 } | 206 } |
207 } else { | 207 } else { |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
252 ResultCode TargetServicesBase::DuplicateHandle(HANDLE source_handle, | 252 ResultCode TargetServicesBase::DuplicateHandle(HANDLE source_handle, |
253 DWORD target_process_id, | 253 DWORD target_process_id, |
254 HANDLE* target_handle, | 254 HANDLE* target_handle, |
255 DWORD desired_access, | 255 DWORD desired_access, |
256 DWORD options) { | 256 DWORD options) { |
257 return sandbox::DuplicateHandleProxy(source_handle, target_process_id, | 257 return sandbox::DuplicateHandleProxy(source_handle, target_process_id, |
258 target_handle, desired_access, options); | 258 target_handle, desired_access, options); |
259 } | 259 } |
260 | 260 |
261 } // namespace sandbox | 261 } // namespace sandbox |
OLD | NEW |